Travelex neglects customers’ privacy rights in data hack
On 31 December 2019 the foreign exchange company Travelex fell victim to a cyberattack, leading to a standoff between the company and the Sodinokibi ransomware group. The group, who were responsible for the data hack, threatened to release private data belonging to Travelex customers unless they were paid 6 million US dollars.
Despite the serious nature of the breach, Travelex opted not to inform the Information Commissioner’s Office. The ICO should be informed of any data breach that compromises personal data within 72 hours of the incident occurring.
Travelex did not initially acknowledge the hack, instead stating that its website was down for ‘routine maintenance’. Customers were simply told to wait until the company fixed its computer system, with some customers being stranded in a foreign country with no access to their money.
Travelex said that there was no clear evidence to suggest that the breach involved customer data being put at risk, despite the distinct possibility that hackers had direct access to such information.
Speaking in a statement following the incident, Travelex CEO Tony D’Souza said:
We continue to make good progress with our recovery and have already completed a considerable amount in the background.
We are confident, based on our efforts to date, that we will be able to restore our services and ensure the integrity and robustness of the network.
The data involved in the hack is thought to comprise of social security numbers, dates of birth and payment card information. Though it is not clear exactly who may have been affected by the data hack, any customer who has ordered money from the company may have been at risk.
This is not the first time Travelex have been hit by a cybersecurity incident and the company was also made aware well in advance that they were potentially vulnerable to the Sodinokibi ransomware.
Our expertise with data breaches
Hayes Connor is home to one of the largest team of data breach claims specialists in the country. With a wealth of experience and an excellent track record of success, we can guide clients through dealing with any situation where personal data has been lost, stolen or otherwise exposed.
If your data has been exposed or potentially exposed in a data breach, you can take a look at our guide to what to do if your data has been stolen in a data breach.
You can find out more about our expertise and how we handle data breach claims here.
To see how we can help with a data breach, you can use our online claim form or speak to a member of our team by calling 0151 363 5895.